A holistic security strategy optimises cybersecurity costs

Laurent Bouchoucha

January 09, 2023

Enterprises must assess their needs, reduce overlap and make a comprehensive plan to stretch their cybersecurity budgets.

The exponential rise in the volume of Internet of Things (IoT) brings with it an increase in the potential for cybersecurity breaches. Each device, sensor, camera or other object has the potential to make a chink in the armour. That means enterprises must seriously assess the budget implications of rising security costs. Gone are the days of just purchasing security point products, such as Firewalls, Intrusion Detection Systems and Network Access Control Systems. Today enterprises are investing in managed services to improve network security like risk assessment and analysis, training to help employees become cyber-defenders, as well as ongoing network and website vulnerability assessments. This is where things are headed. The question is how can you optimise your network security costs in this challenging new landscape?

Know your needs

There are clearly some areas where cybersecurity overspending happens. Take, for example, buying, deploying and maintaining a myriad of independent security solutions. Multiple solutions mean overlap, and consequently, cost inefficiencies. Businesses must assess their needs and have a clear understanding of each solution’s purpose, as well as the level of integration required between vendors. It’s also important to note that many security solutions are oversized, especially the software licensing portion. In many cases some of this spending would be better re-directed to focus on other more critical areas.

One area that can make a notable difference is a simple right-sized network with secured access. Such technologies exist and are called Network Access Control (NAC). Unfortunately, adoption has lagged, because it can be expensive and complex, depending on the vendor. However, the reality is that it can be even more painful when human-based processes for security configurations lead to potential errors, which ultimately incur additional costs. The same goes for security remediation, where the lack of even basic automation mechanisms can cause unnecessary help desk costs. Today, simple and cost-optimised network automation exists and should be a key area where businesses are willing to spend some money.

5 Considerations

Reducing, or at least maintaining security costs requires innovative solutions and adoption of specific network frameworks and policies across a business. Following are my top 5 tips for consideration:

1. Adopt a zero trust approach: Zero trust provides office and remote users with secure connectivity without exposing networks to external attacks and lateral movement risks, ultimately reducing data breach costs. Users must be authenticated for security configurations before any access is granted. This authentication and authorisation process must be automated to limit potential errors which can lead to increased costs. Mapping of users or objects to network segments and security policies is dynamic, policy-driven and based on authentication. Together with the zero trust approach, a new convergence of network and communications technologies with Artificial Intelligence for IT Operations (AIOps) automatically alert IT stakeholders in real-time about security breaches, enabling immediate action and reducing damage costs.

2. Invest in a unified wired and wireless network management system: This zero trust approach must be the same for wired and wireless for the sake of simplification and reduced Total Cost of Ownership (TCO). Consolidating network security policies, applications and connectivity requirements into one unique platform will reduce time and costs required to train staff on multiple systems, and drastically reduces the time between implementation and action.

3. Understand the costs: There should be no surprises such as over-charging for costly software licenses. Also, make sure the TCO solution agreement is clear upfront. Look for a provider with one cost that covers multiple licenses, rather than a license per feature which can quickly add up.

4. Consider OpEx and CapEx: New hybrid models of operating expenses (OpEx) and capital expenditures (CapEx) are a great option if you have a constrained budget. Flexibility lets businesses invest in the latest innovation through subscription services. Cloud-based subscription models offer access to the latest secure technology with incredible speed and scale at an affordable rate. These offers are also known as Network as a Service (NaaS).

5. Deploy best practices: Discussions with business and operational stakeholders are necessary to develop security policies. The new security policies must be tested thoroughly before activation to ensure essential activities are not disrupted. For example, an existing device that currently has unauthorised access could actually be part of a mission-critical activity. Network quarantining without testing could create an inadvertent impact if the device’s access is altered.

A comprehensive approach

Businesses can no longer rely solely on software and hardware security. The safety of the network must be woven into the fabric of an organisation's operations rather than treated as add-ons. Adopting a multi-faceted security approach, including VPNs, firewalls and Identity Access Management (IAM) provides distributed security.

A multi-layered approach to cybersecurity provides extra barriers against cyberattacks and is preventive, ensuring the security of IT assets and data as well as keeping future costs in check. This allows more control over user access, while lowering the security impact of vulnerabilities created by IoT, mobile and network devices. Ultimately, preventing breaches from serving as an attack vector and providing a trusted business ecosystem.

Whether the infrastructure is fully on premises, managed or remotely operated, it must be continuously monitored to identify, block and remediate any attempts or attacks. Network components must be kept up-to-date, and easily managed. One of the most critical challenges in cybersecurity is no longer the technology but the agility, which can reduce time to action. This can only be achieved if strategies are approached holistically and centrally managed.

Access to cloud applications is a must, due to the rise in hybrid and remote working models. However, as cloud-based systems and the number of mobile devices grow, the boundaries to secure also become more widespread.

A Secure Access Service Edge (SASE) complements a secured LAN and WLAN campus to address hybrid working. This framework for network architecture combines SD-WAN and VPN capabilities with cloud-native security features like firewalls, secure web gateways, cloud access security brokers, and zero trust network access. Cloud-based SASE offers secure connections for users, systems and endpoints, to applications and services anywhere. Rather than focusing on a secure perimeter, SASE emphasises the user, allowing for more dynamic connections to applications and services. This means it can provide the wide-reaching cloud-based security that businesses need, with the help of VPN capabilities.

Cybersecurity cannot operate in silos. The ever-increasing number of vulnerabilities means an organisation must keep its network agile and supported at all times, ready to react to any new potential threats. Security deployments must also follow best practices. A holistic security strategy combined with effective employee cybersecurity training offers greater defence against cyberattacks and ensures enterprises have the resources they need, where and when they’re needed.

To learn more about building a Zero Trust Architecture Network, please download this eBook.